Result | Test Name | Message |
---|---|---|
PASS | Header: "accept-charset" should not be allowed | |
PASS | Header: "accept-encoding" should not be allowed | |
PASS | Header: "access-control-request-headers" should not be allowed | |
PASS | Header: "access-control-request-method" should not be allowed | |
PASS | Header: "connection" should not be allowed | |
PASS | Header: "content-length" should not be allowed | |
PASS | Header: "cookie" should not be allowed | |
PASS | Header: "cookie2" should not be allowed | |
PASS | Header: "date" should not be allowed | |
PASS | Header: "dnt" should not be allowed | |
PASS | Header: "expect" should not be allowed | |
PASS | Header: "host" should not be allowed | |
PASS | Header: "keep-alive" should not be allowed | |
PASS | Header: "origin" should not be allowed | |
PASS | Header: "referer" should not be allowed | |
PASS | Header: "te" should not be allowed | |
PASS | Header: "trailer" should not be allowed | |
PASS | Header: "transfer-encoding" should not be allowed | |
PASS | Header: "upgrade" should not be allowed | |
PASS | Header: "user-agent" should not be allowed | |
PASS | Header: "via" should not be allowed | |
PASS | Header: "proxy-" should not be allowed | |
PASS | Header: "proxy-xyz" should not be allowed | |
PASS | Header: "sec-" should not be allowed | |
PASS | Header: "sec-xyz" should not be allowed |
Result | Test Name | Message |
---|---|---|
PASS | Header: "accept-charset" should not be allowed | |
PASS | Header: "accept-encoding" should not be allowed | |
PASS | Header: "access-control-request-headers" should not be allowed | |
PASS | Header: "access-control-request-method" should not be allowed | |
PASS | Header: "connection" should not be allowed | |
PASS | Header: "content-length" should not be allowed | |
PASS | Header: "cookie" should not be allowed | |
PASS | Header: "cookie2" should not be allowed | |
PASS | Header: "date" should not be allowed | |
PASS | Header: "dnt" should not be allowed | |
PASS | Header: "expect" should not be allowed | |
PASS | Header: "host" should not be allowed | |
PASS | Header: "keep-alive" should not be allowed | |
PASS | Header: "origin" should not be allowed | |
PASS | Header: "referer" should not be allowed | |
PASS | Header: "te" should not be allowed | |
PASS | Header: "trailer" should not be allowed | |
PASS | Header: "transfer-encoding" should not be allowed | |
PASS | Header: "upgrade" should not be allowed | |
PASS | Header: "user-agent" should not be allowed | |
PASS | Header: "via" should not be allowed | |
PASS | Header: "proxy-" should not be allowed | |
PASS | Header: "proxy-xyz" should not be allowed | |
PASS | Header: "sec-" should not be allowed | |
PASS | Header: "sec-xyz" should not be allowed |
Result | Test Name | Message |
---|---|---|
PASS | Header: "accept-charset" should not be allowed | |
PASS | Header: "accept-encoding" should not be allowed | |
PASS | Header: "access-control-request-headers" should not be allowed | |
PASS | Header: "access-control-request-method" should not be allowed | |
PASS | Header: "connection" should not be allowed | |
PASS | Header: "content-length" should not be allowed | |
PASS | Header: "cookie" should not be allowed | |
PASS | Header: "cookie2" should not be allowed | |
PASS | Header: "date" should not be allowed | |
PASS | Header: "dnt" should not be allowed | |
PASS | Header: "expect" should not be allowed | |
PASS | Header: "host" should not be allowed | |
PASS | Header: "keep-alive" should not be allowed | |
PASS | Header: "origin" should not be allowed | |
PASS | Header: "referer" should not be allowed | |
PASS | Header: "te" should not be allowed | |
PASS | Header: "trailer" should not be allowed | |
PASS | Header: "transfer-encoding" should not be allowed | |
PASS | Header: "upgrade" should not be allowed | |
PASS | Header: "user-agent" should not be allowed | |
PASS | Header: "via" should not be allowed | |
PASS | Header: "proxy-" should not be allowed | |
PASS | Header: "proxy-xyz" should not be allowed | |
PASS | Header: "sec-" should not be allowed | |
PASS | Header: "sec-xyz" should not be allowed |
Result | Test Name | Message |
---|---|---|
PASS | Header: "accept-charset" should not be allowed | |
PASS | Header: "accept-encoding" should not be allowed | |
PASS | Header: "access-control-request-headers" should not be allowed | |
PASS | Header: "access-control-request-method" should not be allowed | |
PASS | Header: "connection" should not be allowed | |
PASS | Header: "content-length" should not be allowed | |
PASS | Header: "cookie" should not be allowed | |
PASS | Header: "cookie2" should not be allowed | |
PASS | Header: "date" should not be allowed | |
PASS | Header: "dnt" should not be allowed | |
PASS | Header: "expect" should not be allowed | |
PASS | Header: "host" should not be allowed | |
PASS | Header: "keep-alive" should not be allowed | |
PASS | Header: "origin" should not be allowed | |
PASS | Header: "referer" should not be allowed | |
PASS | Header: "te" should not be allowed | |
PASS | Header: "trailer" should not be allowed | |
PASS | Header: "transfer-encoding" should not be allowed | |
PASS | Header: "upgrade" should not be allowed | |
FAIL | Header: "user-agent" should not be allowed | assert_false: Header 'user-agent' was allowed expected false got true |
PASS | Header: "via" should not be allowed | |
PASS | Header: "proxy-" should not be allowed | |
PASS | Header: "proxy-xyz" should not be allowed | |
PASS | Header: "sec-" should not be allowed | |
PASS | Header: "sec-xyz" should not be allowed |
Result | Test Name | Message |
---|---|---|
PASS | Header: "accept-charset" should not be allowed | |
PASS | Header: "accept-encoding" should not be allowed | |
PASS | Header: "access-control-request-headers" should not be allowed | |
PASS | Header: "access-control-request-method" should not be allowed | |
PASS | Header: "connection" should not be allowed | |
PASS | Header: "content-length" should not be allowed | |
PASS | Header: "cookie" should not be allowed | |
PASS | Header: "cookie2" should not be allowed | |
PASS | Header: "date" should not be allowed | |
PASS | Header: "dnt" should not be allowed | |
PASS | Header: "expect" should not be allowed | |
PASS | Header: "host" should not be allowed | |
PASS | Header: "keep-alive" should not be allowed | |
PASS | Header: "origin" should not be allowed | |
PASS | Header: "referer" should not be allowed | |
PASS | Header: "te" should not be allowed | |
PASS | Header: "trailer" should not be allowed | |
PASS | Header: "transfer-encoding" should not be allowed | |
PASS | Header: "upgrade" should not be allowed | |
PASS | Header: "user-agent" should not be allowed | |
PASS | Header: "via" should not be allowed | |
PASS | Header: "proxy-" should not be allowed | |
PASS | Header: "proxy-xyz" should not be allowed | |
PASS | Header: "sec-" should not be allowed | |
PASS | Header: "sec-xyz" should not be allowed |
Result | Test Name | Message |
---|---|---|
PASS | Header: "accept-charset" should not be allowed | |
PASS | Header: "accept-encoding" should not be allowed | |
PASS | Header: "access-control-request-headers" should not be allowed | |
PASS | Header: "access-control-request-method" should not be allowed | |
PASS | Header: "connection" should not be allowed | |
PASS | Header: "content-length" should not be allowed | |
PASS | Header: "cookie" should not be allowed | |
PASS | Header: "cookie2" should not be allowed | |
PASS | Header: "date" should not be allowed | |
PASS | Header: "dnt" should not be allowed | |
PASS | Header: "expect" should not be allowed | |
PASS | Header: "host" should not be allowed | |
PASS | Header: "keep-alive" should not be allowed | |
PASS | Header: "origin" should not be allowed | |
PASS | Header: "referer" should not be allowed | |
PASS | Header: "te" should not be allowed | |
PASS | Header: "trailer" should not be allowed | |
PASS | Header: "transfer-encoding" should not be allowed | |
PASS | Header: "upgrade" should not be allowed | |
PASS | Header: "user-agent" should not be allowed | |
PASS | Header: "via" should not be allowed | |
PASS | Header: "proxy-" should not be allowed | |
PASS | Header: "proxy-xyz" should not be allowed | |
PASS | Header: "sec-" should not be allowed | |
PASS | Header: "sec-xyz" should not be allowed |
<html>
<head>
<script src="/public/js/testharness-domstorm.js"></script>
<script>
// The userScript for the Module
// W3C Testharness.js
// Tutorial: http://darobin.github.io/test-harness-tutorial/docs/using-testharness.html
// W3C Platform Tests: https://github.com/w3c/web-platform-tests
// Harness-wide option, applied before any test below is registered.
// In upstream testharness.js this flag stops an uncaught exception from being
// reported as a harness error; presumably the domstorm build of the harness
// behaves the same way (confirm against testharness-domstorm.js).
setup({ allow_uncaught_exception: true });
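/**
 * Registers one testharness test asserting that script cannot set the request
 * header `val` through XMLHttpRequest.
 *
 * The test sets `val` to the marker value "TEST", sends a synchronous GET to
 * /helper/headers?filter=TEST and parses the reply as JSON. It passes only
 * when the parsed object has no own property named `val`.
 *
 * NOTE(review): the helper presumably echoes the request headers it received,
 * and `filter=TEST` presumably limits the echo to headers carrying the marker
 * value, so that headers the browser sets itself (host, user-agent, ...) do
 * not count as "allowed". Confirm against the helper; if it does not filter,
 * every browser-supplied header would be reported as a FAIL.
 *
 * @param {string} val - Header name to try. It is used verbatim both in
 *     setRequestHeader() and as the lookup key in the reply, so it has to
 *     match the casing the helper reports.
 */
function shouldReturnFalse(val) {
  test(function() {
    var client = new XMLHttpRequest();
    // Synchronous on purpose, so the reply is available inside this test body.
    client.open("GET", "/helper/headers?filter=TEST", false);
    client.setRequestHeader(val, "TEST");
    client.send(null);
    var headers = JSON.parse(client.responseText);
    // The keys of `headers` come from the server reply, so the own-property
    // check goes through Object.prototype: a key named "hasOwnProperty" in the
    // reply would otherwise shadow the method and make the check throw.
    var wasSent = Object.prototype.hasOwnProperty.call(headers, val);
    assert_false(wasSent, "Header '" + val + "' was allowed");
  }, "Header: \"" + val + "\" should not be allowed");
}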
// Request header names that script should not be able to set on an
// XMLHttpRequest. "Proxy-" and "Sec-" appear both bare and with a suffix, so
// the prefix rule is exercised as well as exact names.
// NOTE(review): the Fetch Standard no longer lists User-Agent as a forbidden
// request header, so a FAIL for "user-agent" can be a browser following the
// current spec rather than a regression. Confirm against the spec revision
// this suite targets.
var data = [
  "Accept-Charset",
  "Accept-Encoding",
  "Access-Control-Request-Headers",
  "Access-Control-Request-Method",
  "Connection",
  "Content-Length",
  "Cookie",
  "Cookie2",
  "Date",
  "DNT",
  "Expect",
  "Host",
  "Keep-Alive",
  "Origin",
  "Referer",
  "TE",
  "Trailer",
  "Transfer-Encoding",
  "Upgrade",
  "User-Agent",
  "Via",
  "Proxy-",
  "Proxy-XYZ",
  "Sec-",
  "Sec-XYZ"
];

// Each name is lower-cased before use because shouldReturnFalse looks it up
// verbatim in the parsed reply. Only the lower-case spelling is therefore
// sent; mixed-case spellings of these names are not exercised by this page.
for (var idx = 0, total = data.length; idx < total; idx += 1) {
  shouldReturnFalse(data[idx].toLowerCase());
}
</script>
</head>
<body>
Testing using W3C TestHarness.js for XHR Methods
</body>
</html>